Author: hertzog
Date: 2014-12-12 15:52:18 +0000 (Fri, 12 Dec 2014)
New Revision: 30713
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Add nss to dla-needed.txt due to CVE-2011-3389/nss
And add the links to the associated commit and bug entry.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-12 15:52:12 UTC (rev 30712)
+++ data/CVE/list 2014-12-12 15:52:18 UTC (rev 30713)
@@ -66135,6 +66135,8 @@
[wheezy] - bouncycastle <no-dsa> (Minor issue)
NOTE: No mitigation for bouncycastle, it is recommended to use TLS 1.1,
which is supported since 1.4.9
- nss 3.13.1.with.ckbi.1.88-1
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=665814
+ NOTE: https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab
- polarssl <unfixed> (unimportant)
NOTE: No mitigation for polarssl, it is recommended to use TLS 1.1,
which is supported in all releases
- tlslite <removed>
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2014-12-12 15:52:12 UTC (rev 30712)
+++ data/dla-needed.txt 2014-12-12 15:52:18 UTC (rev 30713)
@@ -50,6 +50,8 @@
--
nfs-utils
--
+nss
+--
pyyaml
--
qemu
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
